Action: Verify that the identity provider is in the federations configuration.

Level: 1

Type: ERROR

Impact: Requests/Responses

FED-15123: Invalid subject format for protocol version SAML 1.x

Cause: The subject format was invalid.

Action: Verify that the peer provider is using the correct subject format.

Level: 1

Type: ERROR

Impact: Requests/Responses

FED-15124: Provider federation does not exist for userID: {0}.

Cause: Provider federation has been deleted or the userID is not valid.

Action: Check the request or retry.

Level: 1

Type: ERROR

Impact: Requests/Responses

FED-15125: Single sign-on response was not signed.

Cause: The single sign-on response signature requirements were not met.

Action: Verify that a signature was present in the single sign-on response and that Oracle Identity Federation is using the correct certificate for signature validation.

Level: 1

Type: ERROR

Impact: Requests/Responses

FED-15128: An internal error occurred while processing the credentials

Cause: The authentication engine did not return the required refID parameter.

Action: Check that the authentication flow correctly sent the refID parameter to the Oracle Identity Federation server.

Level: 1

Type: ERROR

Impact: Requests/Responses

FED-15129: InfoCard error: incoming token is not a SAML token: {0}

Cause: The incoming WS-Trust token is not a SAML assertion.

Action: Check with the WS-Trust provider.

Level: 1

Type: ERROR

Impact: Requests/Responses

FED-15130: AssertionID parameter not present

Cause: The AssertionID was not present in the request.

Action: Verify that the AssertionID is set in the request.

Level: 1

Type: ERROR

Impact: Requests/Responses

FED-15131: Certificate was missing when trying to verify digital signature.

Cause: The certificate was missing when trying to verify the incoming signature.

Action: Verify that the requester specified its identity when making the request, either in the message or by authenticating to the Oracle Identity Federation server via SSL or HTTP Basic Authentication.

Level: 1

Type: ERROR

Impact: Requests/Responses

FED-15132: Unknown refID

Cause: User previously accessed the Oracle Identity Federation server with a different host name than the one in the current request and cookies were not transmitted.

Action: Use the same hostname and fully qualified domain URL to access the Oracle Identity Federation server.

Level: 1

Type: ERROR

Impact: Requests/Responses

FED-15133: Unknown FedID: {0}

Cause: No federation record exists with specified fedID in the configured federation data store.

FED-18062: Personal card issuer was selected for this authentication mechanism, but the personal card issuer does not exist in the federations: {0}

Cause: The personal card issuer is not present in the federations list.

Action: Create an entry for the personal card issuer in the federations configuration of provider type Identity Provider, with the ProviderID set to http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self

Level: 1

Type: ERROR

Impact: Security

FED-18063: Infocard mode not enabled for this provider: {0}

Cause: The Infocard mode is disabled for that provider.

Action: Check the Oracle Identity Federation configuration to enable the Infocard mode for that provider.

Action: Check the Oracle Identity Federation configuration to see which HTTP header is specified as the one used by Oracle Single Sign-On to hold the UserID.

Level: 1

Type: ERROR

Impact: Security

FED-18070: Service provider Oracle Single Sign-On integration module: could not decrypt the token with current key, and old key expired

Cause: The Oracle Identity Federation server could not decrypt the data sent by the Oracle Single Sign-On server. The Oracle Identity Federation server will use the second key.

Action: Check that the encryption key used by Oracle Identity Federation and Oracle Single Sign-On is in sync. If necessary, regenerate a new key in the Oracle Identity Federation configuration and copy it to the Oracle Single Sign-On server.

Level: 1

Type: ERROR

Impact: Security

FED-18071: Service provider Oracle Single Sign-On integration module: could not decrypt the token with current key

Cause: The Oracle Identity Federation server could not decrypt the data sent by the Oracle Single Sign-On server. The Oracle Identity Federation server will use the second key.

Action: Check that the encryption key used by Oracle Identity Federation and Oracle Single Sign-On is in sync. If necessary, regenerate a new key in the Oracle Identity Federation configuration and copy it to the Oracle Single Sign-On server.

Level: 1

Type: WARNING

Impact: Security

FED-18072: Service provider Oracle Single Sign-On integration module: could not encrypt the token

Cause: The Oracle Identity Federation server could not encrypt the data to be sent to the Oracle Single Sign-On server.

Action: Check that the encryption key used by Oracle Identity Federation is valid. If necessary, regenerate a new key in the Oracle Identity Federation configuration and copy it to the Oracle Single Sign-On server.

Cause: The XML EncryptedData element was not found when trying to decrypt the incoming data.

Action: Check the message and contact the remote server administrator if necessary.

Level: 1

Type: ERROR

Impact: Security

FED-18078: XML decryption error: could not get the decryption secret key

Cause: The key to decrypt the EncryptedData element could not be retrieved.

Action: Check the message and contact the remote server administrator if necessary.

Level: 1

Type: ERROR

Impact: Security

FED-18079: The return URL could not be validated: {0}

Cause: The specified return URL could not be validated against the list of approved hostnames/domains.

Action: Check whether the return URL points to a valid host name/domain and, if necessary, update the list of approved host names/domains. If the return URL is not recognized or is invalid, do not update the list of approved host names/domains.

Level: 1

Type: ERROR

Impact: Security

FED-20000: Cannot open the key store.

Cause: Invalid or unsupported key store, or incorrect password. During installation, this error is expected.

Action: Verify that the password is correct and the store is a valid PKCS #12 PFX wallet or Java KeyStore file. During installation, this error can be ignored.